0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Respect subdirectory in authenticate middleware

This commit is contained in:
Michael Bradshaw 2014-02-19 15:53:40 -07:00
parent f273e17e08
commit b410f5833b
2 changed files with 11 additions and 10 deletions

View file

@ -272,8 +272,8 @@ module.exports = function (server, dbHash) {
// ### Caching // ### Caching
expressServer.use(middleware.cacheControl('public')); expressServer.use(middleware.cacheControl('public'));
expressServer.use('/api/', middleware.cacheControl('private')); expressServer.use(subdir + '/api/', middleware.cacheControl('private'));
expressServer.use('/ghost/', middleware.cacheControl('private')); expressServer.use(subdir + '/ghost/', middleware.cacheControl('private'));
// enable authentication; has to be done before CSRF handling // enable authentication; has to be done before CSRF handling
expressServer.use(middleware.authenticate); expressServer.use(middleware.authenticate);

View file

@ -29,17 +29,17 @@ var middleware = {
// exceptions for signin, signout, signup, forgotten, reset only // exceptions for signin, signout, signup, forgotten, reset only
// api and frontend use different authentication mechanisms atm // api and frontend use different authentication mechanisms atm
authenticate: function (req, res, next) { authenticate: function (req, res, next) {
if (res.isAdmin) { var subPath = req.path.substring(config().paths.subdir.length),
if (req.path.indexOf("/ghost/api/") === 0) { noAuthNeeded = [
return middleware.authAPI(req, res, next);
}
var noAuthNeeded = [
'/ghost/signin/', '/ghost/signout/', '/ghost/signup/', '/ghost/signin/', '/ghost/signout/', '/ghost/signup/',
'/ghost/forgotten/', '/ghost/reset/' '/ghost/forgotten/', '/ghost/reset/'
]; ];
if (res.isAdmin) {
if (subPath.indexOf('/ghost/api/') === 0) {
return middleware.authAPI(req, res, next);
}
if (noAuthNeeded.indexOf(req.path) < 0) { if (noAuthNeeded.indexOf(subPath) < 0) {
return middleware.auth(req, res, next); return middleware.auth(req, res, next);
} }
} }
@ -51,7 +51,8 @@ var middleware = {
// We strip /ghost/ out of the redirect parameter for neatness // We strip /ghost/ out of the redirect parameter for neatness
auth: function (req, res, next) { auth: function (req, res, next) {
if (!req.session.user) { if (!req.session.user) {
var reqPath = req.path.replace(/^\/ghost\/?/gi, ''), var subPath = req.path.substring(config().paths.subdir.length),
reqPath = subPath.replace(/^\/ghost\/?/gi, ''),
redirect = '', redirect = '',
msg; msg;